What does a C++ project need to sign files with certificate (RSA-SHA256)


I am developing an app using Qt, and at some point, I was required to encrypt and "sign" a file provided a private certificate using SHA-256. I did a fair amount of reading on OpenSSL and certificates, but I am incapable of understanding how to conduct the process in C++ code.

In essence, I am attempting the equivalent of this command:

openssl dgst -sha256 -out output.txt -sign certificate.pem input.txt

I have explored the available Qt classes, namely the following:

The QSslCertificate class has a digest method, which seems relevant. Similarly, I can get the hashed content of the file using QCryptographicHash::hash. But nowhere can I find any mentions of "signing" the file with the certificate containing the RSA key.

I can't say I fully understand the signing process, but the terminology I've heard is "masking" the generated SHA256 hash using an RSA algorithm - which I assumed is achieved by the OpenSSL -sign argument.

If Qt was never meant to achieve that, what would be the easiest, or the typical, alternative? I expect I'll need to include another library? Or do I simply dive in to explore the OpenSSL libraries and attempt to include them in my project? https://www.openssl.org/docs/manmaster/man3/

Given how small this encryption process will be in my app, I'd appreciate an option that requires minimal integration and learning.

Answer by corsel:

There appears to be a function RSA_sign which does exactly that, if you're into implementing it yourself with OpenSSL. You can manually take the SHA256 of your file (again, with OpenSSL), RSA_sign it, and use RSA_verify to check its validity.

See here...

Edit: Here is an example on how to extract private key data from a PEM certificate - that is of course in case your certificate is in PEM format. PEM basically includes a human-readable header, followed by the key data in base64 format. You can check if your certificate file begins with a -----BEGIN RSA PRIVATE KEY----- line.